“X Me” is a Facebook Virus

A friend on Facebook invited me to try the “X Me” application. It sounded
a little silly but it was a person I respect, so I clicked on it. As soon as
it installed, it popped up a list of more or less everyone I knew asking if it
was OK to mail invitations to them. I said “no”, and then (weirdly) it popped
up one other name and I said “no” again. Now I’m getting messages from
people asking if I really think they should install “X Me”. This, obviously,
is a virus.

As of now, I ain’t installing any Facebook apps unless someone I
know and trust lets me know, in a personal and one-to-one way, that they’re
using it and it works as advertised and isn’t a scummy virus.

In Facebook, nobody can hear you scream. Except your “friends”. A blog is
different.

Gideon: if it sent messages without permission to Tim's contacts inviting them to install X Me, then it's a virus (or a worm), not just an annoying app. In fact, I suspect that in some jurisdictions, the author could face criminal charges.

Tim: I know that it can be embarrassing when an old tech hand like you gets caught by something like that, but I'm glad that you decided that the greater good of sharing the information outweighed any personal concerns.

The situation is far worse for MSN Messenger, especially since so many of the users are children or teens. I installed Windows XP on an old computer for one of my daughters so that she could use the features like VoIP and nudges (!!) that don't work with the Linux MSN clients. Unfortunately, MSN Messenger seems to allow people to run native Windows code sent by contacts with minimal user intervention, and it didn't take long for the whole computer to become infected with spyware and adware. She voluntarily went back to using Web Messenger in Firefox under Linux for a while.

A virus can only spread from one computer to another when its host is taken to the uninfected computer ... A worm, however, can spread itself to other computers without needing to be transferred as part of a host.

I've also been annoyed lately by invitations from Facebook apps. The worst part is that I don't see an option to disable them. I've actually thought of unfriending people who I get lots of notifications from, just so I won't have to get them anymore. It's strange that all other kinds of notifications can be turned off, but these can't.

I'm not going to pretend like facebook's system is perfectly secure, but what you're describing is not supposed to be possible. So, maybe X Me is a virus, or maybe facebook was momentarily borked (which happens quite frequently from my experience with developing facebook apps).

Theoretically, if person A has not added an app (as in invites), if the application tries to send a notification to that person, the sender of the invite must confirm on facebook. As in, all the application receives is a URL, which it redirects the user to on facebook's servers where the user confirms sending the invite. One big complaint from developers has been that facebook doesn't even tell the app if the invite was confirmed (use case: some people don't confirm sending because they made a typo in the invite message, but responsible applications think the person has already been invited and don't let the user go back and invite the person again).

Facebook is in the process of changing the interface that's made available to applications for sending invitations to a user's friends. They're making a standard form for this purpose, so this kind of automated invitation spamming will no longer be possible. (Note: I am not a FB spokesperson.)

Yes, I built a facebook app. Or more correctly, I ported an existing webapp to run inside of facebook. And I have very few users on it, somewhat to be expected, since my app is a giftlist which requires family members to be useful, not just college friends, and facebook's audience hasn't quite expanded to include families yet like they want/expect to. Maybe by the end of the year.

But what pisses me off about this is that the big facebook apps (defining big by number of users, what else is there for a metric?) have to resort to this kind of "cheating" or pushing the boundaries of what is acceptable.

If an app spreads "virally" by the best-intended use of the term, where one user sees it on another user's page and decides to install it, then great! But to spam your friend list? Yuck.

Ho hum. I guess my GiftList will be on the slow growth path for a while...

I too invited all of my friends to add the "X Me" application, even though I clearly clicked the "no" button. Whether it's a virus, a worm or just annoying doesn't matter. I'm glad it's being fixed in a future rev of the Facebook API, because this should obviously not be possible.

I'm the author of X Me (though it's now run by rockyou, and I've not done much on it recently due to exams and end of year celebrations) and I'm pretty intrigued by the invite problem, which I've got a few complaints about. Basically, if we want to compete in terms of numbers, we have to use invites. But we're definitely not trying to spam all your contacts, and it isn't possible due to the fact that facebook makes sure you have to confirm them all. I'm not sure what people mean by clicking the "no" button... since the only links are "Invite friends", which invites the select friends, or "Skip invites", which takes you to the main application page. Maybe a bit more explanation of the exact process people are doing to get this issue?